Virus that blocks access to key items (
samlagaure
-
Lyonnais92 Posts 25708 Status Security contributor -
Hello
I have tried almost everything, nothing works :-(
Here is the report, bearing in mind that all access is denied for no apparent reason:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\s3hotkey.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\QUICKT~1\qttask.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\cmd.exe
C:\WINDOWS\system32\cscript.exe
139 replies
Hello,
Here is the HijackThis log to start with:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:14:42, on 12/11/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Documents and Settings\LAPTOP\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.commentcamarche.net/forum/affich 3448031 virus qui bloque l acces aux postes cles
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
I have not included the complete log; I hope you will understand
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, November 13, 2007 12:58:57 AM
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 14/11/2007
Kaspersky Anti-Virus database records: 457789
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
Scan Statistics:
Total number of scanned objects: 39288
Number of viruses found: 6
Number of infected objects: 10
Number of suspicious objects: 0
Duration of the scan process: 01:15:08
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrateur.HA-ORMPEE4TVSN1.000\.housecall6.6\Quarantine\awzyalmd.zqy.ren.bac_a02372 Infected: Trojan-Clicker.Win32.Small.js skipped
C:\Documents and Settings\Administrateur.HA-ORMPEE4TVSN1.000\Local Settings\Application Data\Mozilla\Firefox\Profiles\vkwy8zdp.default\Cache\3CD27B45d01/clean/pskill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.k skipped
C:\Documents and Settings\Administrateur.HA-ORMPEE4TVSN1.000\Local Settings\Application Data\Mozilla\Firefox\Profiles\vkwy8zdp.default\Cache\3CD27B45d01 ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Outils d'administration\Stratégie de sécurité locale.lnk Object is locked skipped
(...)
C:\Documents and Settings\LAPTOP\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LAPTOP\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LAPTOP\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LAPTOP\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LAPTOP\Local Settings\Historique\History.IE5\MSHist012007111220071113\index.dat Object is locked skipped
C:\Documents and Settings\LAPTOP\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LAPTOP\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LAPTOP\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LAPTOP\UserData\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\InstallShield Installation Information\{1ABB299D-6C4E-498E-BB6C-BAEAB72600DD}\setup.ilg Object is locked skipped
C:\Program Files\Mozilla Firefox\aaw2007.exe.part Object is locked skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\Jio45.sys.vir Object is locked skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\s_detect.htm.vir Infected: Trojan-Downloader.JS.Agent.ms skipped
C:\qoobox\Quarantine\catchme2007-11-11_235204.07.zip/symavc32.sys Infected: Rootkit.Win32.Agent.jc skipped
C:\qoobox\Quarantine\catchme2007-11-11_235204.07.zip/hrum363.txt Infected: Trojan.Win32.Agent.ali skipped
C:\qoobox\Quarantine\catchme2007-11-11_235204.07.zip/kprof Infected: Trojan-Proxy.Win32.Wopla.ag skipped
C:\qoobox\Quarantine\catchme2007-11-11_235204.07.zip/koos.exe Infected: Trojan-Proxy.Win32.Wopla.ag skipped
C:\qoobox\Quarantine\catchme2007-11-11_235204.07.zip/poof Infected: Trojan-Proxy.Win32.Wopla.ag skipped
C:\qoobox\Quarantine\catchme2007-11-11_235204.07.zip ZIP: infected - 5 skipped
C:\System Volume Information\_restore{85766195-B126-43A3-87F8-A2F55CA38C20}\RP2\change.log Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\user32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\win32k.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\accwiz.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\crypt32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\cryptsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\hh.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\hhctrl.ocx Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\hhsetup.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\html32.cnv Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\itss.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\locator.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\magnify.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\migwiz.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\mrxsmb.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\msconv97.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\narrator.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\newdev.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\ntdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\ntoskrnl.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\ole32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\osk.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\pchshell.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\raspptp.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\rpcrt4.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\rpcss.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\shell32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\shmedia.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\srrstr.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\srv.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\sysmain.sdb Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\user32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\win32k.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\winsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\zipfldr.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\dhcpcsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\ndis.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\ndisuio.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\netshell.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\wzcdlg.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\wzcsapi.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\wzcsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828028$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\dao360.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\expsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msexch40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msexcl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msjet40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msjetol1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msjetoledb40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msjint40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msjter40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msjtes40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msltus40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\mspbde40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msrd2x40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msrd3x40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msrepl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\mstext40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\mswdat10.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\mswstr10.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msxbde40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\vbajet32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx Object is locked skipped
C:\WINDOWS\$NtUninstallQ828026$\wmp.dll Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\LAP.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\TEMP\ZLT02e8f.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
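Added example, not part of the original thread: most of the report above is "Object is locked" noise, so this Python script parses the report's line format, keeps only the detections, and records where each one sits on disk. The `classify` location rules (paths containing `\Quarantine\` or `\Cache\`) are assumptions made for this example.

```python
import re
from collections import Counter

# Detection and ZIP-summary lines copied from the report above, plus two
# "Object is locked" lines to show that such entries are ignored.
SAMPLE_REPORT = r"""
C:\Documents and Settings\Administrateur.HA-ORMPEE4TVSN1.000\.housecall6.6\Quarantine\awzyalmd.zqy.ren.bac_a02372 Infected: Trojan-Clicker.Win32.Small.js skipped
C:\Documents and Settings\Administrateur.HA-ORMPEE4TVSN1.000\Local Settings\Application Data\Mozilla\Firefox\Profiles\vkwy8zdp.default\Cache\3CD27B45d01/clean/pskill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.k skipped
C:\Documents and Settings\Administrateur.HA-ORMPEE4TVSN1.000\Local Settings\Application Data\Mozilla\Firefox\Profiles\vkwy8zdp.default\Cache\3CD27B45d01 ZIP: infected - 1 skipped
C:\Documents and Settings\LAPTOP\NTUSER.DAT Object is locked skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\Jio45.sys.vir Object is locked skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\s_detect.htm.vir Infected: Trojan-Downloader.JS.Agent.ms skipped
C:\qoobox\Quarantine\catchme2007-11-11_235204.07.zip/symavc32.sys Infected: Rootkit.Win32.Agent.jc skipped
C:\qoobox\Quarantine\catchme2007-11-11_235204.07.zip/hrum363.txt Infected: Trojan.Win32.Agent.ali skipped
C:\qoobox\Quarantine\catchme2007-11-11_235204.07.zip/kprof Infected: Trojan-Proxy.Win32.Wopla.ag skipped
C:\qoobox\Quarantine\catchme2007-11-11_235204.07.zip/koos.exe Infected: Trojan-Proxy.Win32.Wopla.ag skipped
C:\qoobox\Quarantine\catchme2007-11-11_235204.07.zip/poof Infected: Trojan-Proxy.Win32.Wopla.ag skipped
C:\qoobox\Quarantine\catchme2007-11-11_235204.07.zip ZIP: infected - 5 skipped
"""

# Layout: <path> <status> <last action>. The path may contain spaces, so it is
# matched lazily and the status keywords anchor the split.
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?:Infected: (?P<name>\S+)|ZIP: infected - (?P<count>\d+)|Object is locked) "
    r"(?P<action>\S+)$"
)


def classify(path):
    """Assumed location rules for this example, not Kaspersky's own logic."""
    lowered = path.lower()
    if "\\quarantine\\" in lowered:
        return "quarantine"      # already isolated by an earlier cleanup tool
    if "\\cache\\" in lowered:
        return "browser-cache"   # downloaded copy, not an installed program
    return "live"                # anywhere else deserves a closer look


def parse_report(text):
    """Return one dict per infected object; locked and unparsable lines are skipped."""
    entries = []
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue
        if match.group("name") is None and match.group("count") is None:
            continue  # "Object is locked": file in use, not a detection
        entries.append({
            "path": match.group("path"),
            "name": match.group("name"),          # None for ZIP summary lines
            "archive_hits": int(match.group("count") or 0),
            "action": match.group("action"),
            "location": classify(match.group("path")),
        })
    return entries


def summarize(entries):
    """Totals to compare against the report's own "Scan Statistics" block."""
    names = {e["name"] for e in entries if e["name"]}
    return {
        "infected_objects": len(entries),
        "distinct_detections": len(names),
        "by_location": dict(Counter(e["location"] for e in entries)),
        "live_paths": [e["path"] for e in entries if e["location"] == "live"],
    }


if __name__ == "__main__":
    summary = summarize(parse_report(SAMPLE_REPORT))
    for key, value in summary.items():
        print(f"{key}: {value}")
```

On the lines shown, the totals match the report's own statistics (6 viruses, 10 infected objects), and none of the detections lies outside a quarantine folder or the Firefox cache.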
Lyonnais, you are a real tough one, and patient!
Real professional work! Amazing!
And balltrap, true to himself!
Truly educational.
Well done, gentlemen! ;-)
Hello,
I ran Spybot, which finds 603 items, but when I click repair an hourglass appears; I left it running (offline) for 5 hours and when I came back it was still the same screen with the hourglass. :-(
"jalobservateur", you wouldn't happen to be from the other side, by any chance? ;-)
Hello,
Read carefully and carry out this procedure in order.
#Download and install these programs (if you don't have them); update the first 3, as shown in the demos or tutorials.
Don't use them right away.
Antispyware and others:
* AVG AS
AVG Anti-Spyware
https://www.01net.com/telecharger/
Update it before launching the scan.
Tutorial:
http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html
Cleaners (of unneeded files) and others:
*CCleaner (free)
Download:
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
Tutorial:
https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php
During installation, [untick] the option that would install the Yahoo! toolbar.
========================================
->Show all files and folders:
click Start/Control Panel (in classic view)/Folder Options/View
[Tick] "Show hidden files and folders"
[Untick] the box "Hide protected operating system files (Recommended)"
[Untick] "Hide extensions for known file types"
Then click [Apply] to confirm the changes.
And [OK]
========================================
Disable then re-enable your System Restore by following this tutorial:
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20020830101856924
========================================
->Start in safe mode:
To do this, tap the F8 key repeatedly, without stopping, as soon as the PC starts powering on
A window will open; use the keyboard arrows to move to Start in safe mode
then press "Enter".
Once on the desktop, if the colours and so on aren't all there, that's normal!
(If F8 doesn't work, use the F5 key.)
===========================
->Launch CCleaner.
Deleting temporary files
Go to the "Options" section in the left margin. Untick "Advanced".
Then go back to the "Cleaner" section
Make sure to tick all these boxes in the left margin (Internet Explorer/Windows Explorer/System)
• Click [Analyze]
• Wait for the scan, which can take a little while if it's the first time.
• Once the scan is finished, click [Run Cleaner]
========================================
->Launch AVG for a full scan "Scan" ->"Settings"
Under the question "How to react?":
-> click "Recommended actions" and choose "Quarantine"
-> Click the "Scan" tab again, then run a "Complete system scan"
If a file is infected at the end of the scan
->Click "Apply all actions"
->Click "Save report" then "Save report as".
->Save this text file on your desktop and [copy/paste the report into the forum]
========================================
->Relaunch CCleaner.
Removing registry inconsistencies
• Click the [Issues] icon in the left margin
• Then click [Scan for issues]
• Wait while CCleaner scans your registry.
• Once the scan is finished, tick all the entries it has found.
• You can then click [Fix issues].
If you're not sure what you're doing, you can choose to back up the ticked entries so you can restore them later.
========================================
->Empty your Recycle Bin.
========================================
->Defragment your partitions
->Restart in normal mode,
->Re-tick the box "Hide protected operating system files (Recommended)"
Post the AVG antispy report.
Rerun HijackThis and copy/paste a new report into the forum.
How is the computer doing?
Hello Le Lyonnais,
AVG and Antivir seem to severely slow down the restart; apart from that I haven't noticed any notable difference.
I'm going to run Spybot to see whether it still detects the 600 items.
Here are the logs:
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 13:39:37 17/11/2007
+ Résultat de l'analyse:
C:\qoobox\Quarantine\catchme2007-11-11_235204.07.zip/koos.exe -> Proxy.Wopla.ag : Nettoyé et sauvegardé (mise en quarantaine).
C:\qoobox\Quarantine\catchme2007-11-11_235204.07.zip/kprof -> Proxy.Wopla.ag : Nettoyé et sauvegardé (mise en quarantaine).
C:\qoobox\Quarantine\catchme2007-11-11_235204.07.zip/poof -> Proxy.Wopla.ag : Nettoyé et sauvegardé (mise en quarantaine).
C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\Jio45.sys.vir -> Rootkit.Agent.jc : Nettoyé et sauvegardé (mise en quarantaine).
C:\qoobox\Quarantine\catchme2007-11-11_235204.07.zip/symavc32.sys -> Rootkit.Agent.jc : Nettoyé et sauvegardé (mise en quarantaine).
:mozilla.17:C:\Documents and Settings\Administrateur.HA-ORMPEE4TVSN1.000\Application Data\Mozilla\Firefox\Profiles\vkwy8zdp.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.14:C:\Documents and Settings\Administrateur.HA-ORMPEE4TVSN1.000\Application Data\Mozilla\Firefox\Profiles\vkwy8zdp.default\cookies.txt -> TrackingCookie.Webtrendslive : Nettoyé.
C:\qoobox\Quarantine\catchme2007-11-11_235204.07.zip/hrum363.txt -> Trojan.Agent.ali : Nettoyé et sauvegardé (mise en quarantaine).
Fin du rapport
==================================================================
Rapport de défragmentation:
Volume (C:)
Taille du volume = 18,63 Go
Taille de cluster = 4 Ko
Espace utilisé = 15,13 Go
Espace libre = 3,50 Go
Pourcentage d'espace libre = 18 %
Fragmentation du volume
Fragmentation totale = 35 %
Fragmentation de fichiers = 68 %
Fragmentation de l'espace libre = 3 %
Fragmentation de fichiers
Total de fichiers = 38 667
Taille moyenne de fichier = 502 Ko
Total de fichiers fragmentés = 124
Total de fragments en trop = 57 511
Nombre moyen de fragments par fichier = 2,48
Fragmentation du fichier paginé
Taille du fichier paginé = 192 Mo
Total de fragments = 139
Fragmentation de dossier
Total de dossiers = 3 731
Dossiers fragmentés = 1
Fragments de dossiers en trop = 0
Fragmentation de la table de fichiers principale (MFT)
Taille totale de la MFT = 65 Mo
Nombre d'enregistrements dans la MFT = 43 508
Pourcentage d'utilisation de la MFT = 65 %
Total de fragments dans la MFT = 18
--------------------------------------------------------------------------------
Fragments   Taille du fichier   Fichiers qui ne peuvent pas être défragmentés
219 13 Mo \WINDOWS\PCHealth\HelpCtr\DataColl\CollectedData_2235.xml
256 22 Mo \Documents and Settings\LAPTOP\Mes documents\TomTom\HOME\Downloads\Download Cache\v2_1_1_106_win.exe
237 26 Mo \Documents and Settings\Ham\Local Settings\Temp\fla8.tmp
247 26 Mo \Documents and Settings\Ham\Local Settings\Temporary Internet Files\Content.IE5\OL2RGDUJ\LES_GUIGNOLS_EMISSION_071014_CAN_4942_video_H[1].flv
440 28 Mo \xscan.txt
603 37 Mo \WINDOWS\VPTNFILE.819
422 42 Mo \Documents and Settings\Ham\Local Settings\Temporary Internet Files\Content.IE5\MPKVA5UT\LES_GUIGNOLS_EMISSION_071018_CAN_5270_video_H[1].flv
427 42 Mo \Documents and Settings\Ham\Local Settings\Temp\fla4.tmp
456 46 Mo \Documents and Settings\Ham\Local Settings\Temporary Internet Files\Content.IE5\OL2RGDUJ\LES_GUIGNOLS_EMISSION_071016_CAN_5105_video_H[1].flv
438 46 Mo \Documents and Settings\Ham\Local Settings\Temp\fla6.tmp
601 49 Mo \Documents and Settings\Ham\Local Settings\Temporary Internet Files\Content.IE5\4PYZCXUF\LES_GUIGNOLS_EMISSION_071017_CAN_5208_video_H[1].flv
552 49 Mo \Documents and Settings\Ham\Local Settings\Temp\fla2.tmp
464 53 Mo \Documents and Settings\Ham\Bureau\Audio\Berlioz\Classique - VIVALDI - Les quatre saisons2.mp3
1,041 77 Mo \Documents and Settings\LAPTOP\Mes documents\Downloads\ Institute 9 Special\Scene 2 Zafira, Cindy.avi
621 96 Mo \Documents and Settings\Ham\Bureau\Audio\mo\mo\INTEGRALE - VOL. IX - (1937).ZIP
537 96 Mo \Documents and Settings\Ham\Bureau\Audio\mo\MoINTEGRALE - VOL. IX - (1937).ZIP
190 120 Mo \Documents and Settings\LAPTOP\Bureau\BE_NL_and_LU_plus_major_roads_of_WE 1409\BE_NL_and_LU_plus_major_roads_of_WE 1409\cline.dat
1,173 139 Mo \Documents and Settings\LAPTOP\Mes documents\Downloads\Cock.Drainers\Cock.Drainers.LauraLion.wmv
802 148 Mo \Documents and Settings\Ham\Bureau\PAPELARDS\docs\logos\AICS_Tryout_EN.zip
2,400 149 Mo \Documents and Settings\LAPTOP\Mes documents\Downloads\Institute 9 Special \ Magic.WMV
2,542 167 Mo \Documents and Settings\LAPTOP\Mes documents\Downloads\Institute 9 Special Camping\Panther.avi
2,715 193 Mo \Documents and Settings\LAPTOP\Mes documents\Downloads\Institute 9 Special Camping\ Diamond.avi
2,773 194 Mo \Documents and Settings\LAPTOP\Mes documents\Downloads\Institute 9 Special Camping\auren.avi
2,209 207 Mo \Documents and Settings\LAPTOP\Bureau\BE_NL_and_LU_plus_major_roads_of_WE 1409.zip
2,690 208 Mo \Documents and Settings\LAPTOP\Mes documents\Downloads\Drainers\Drainers.Zuz.wmv
4,628 277 Mo \Documents and Settings\LAPTOP\Mes documents\Downloads\Institute 9 \Ice.avi
4,261 288 Mo \Documents and Settings\LAPTOP\Mes documents\Downloads\MaDor.avi
2,922 496 Mo \Documents and Settings\LAPTOP\Mes documents\Downloads\Se\Se.wmv
4,029 630 Mo \Documents and Settings\LAPTOP\Mes documents\Downloads\L'obsession de Laure\Lobs.avi
13,181 678 Mo \Documents and Settings\LAPTOP\Mes documents\Downloads\Jal.avi
==================================================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:10:44, on 17/11/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\LAPTOP\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.commentcamarche.net/forum/affich 3448031 virus qui bloque l acces aux postes cles
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
Hello again,
empty the avast quarantine.
You don't seem to have a firewall controlling outbound connections, which is a security risk.
If that's the case, you have the choice between these two options:
ZoneAlarm tutorial and download link here:
https://www.malekal.com/tutoriel-zonealarm-firewall/
Kerio tutorial and download link here:
http://www.malekal.com/kerio_firewall.php
There are others you can find by opening this link:
http://www.malekal.com/menu_tutorials_logiciels.php
You need to disable the Windows firewall (Control Panel, Windows Firewall) after the download and before the installation (disconnect from the Net at that point).
Then, if the computer is stable, you need to install SP2.
And post a HijackThis report again.
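A first-pass reading of a HijackThis log like the one posted above, written as an added example that is not part of the original thread: it parses the header, the running processes and the `R`/`O` entries, then lists services with no vendor name and checks which product keywords appear. The function names and `FIREWALL_KEYWORDS` are assumptions made for this example, and the sample is a shortened excerpt of the posted log.

```python
import re
from collections import defaultdict

# Constructed sample: a shortened excerpt of the HijackThis v2.0.2 log posted above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:10:44, on 17/11/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
"""

# Assumption: reviewer-supplied substrings for the two firewalls named in the thread.
FIREWALL_KEYWORDS = ("zonealarm", "zone labs", "kerio")

ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
# "Service: <display name> - <owner> - <path>"; the path is anchored on a drive
# letter so that " - " inside a folder name does not split the line wrongly.
SERVICE_RE = re.compile(r'^Service: (?P<name>.+) - (?P<owner>.+?) - (?P<path>"?[A-Za-z]:\\.*)$')
AUTORUN_RE = re.compile(r"^(?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def parse_hijackthis(text):
    """Split a log into header fields, running processes and entries by code."""
    header, processes, entries = {}, [], defaultdict(list)
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:                                  # first entry ends the process list
            in_processes = False
            entries[m.group(1)].append(m.group(2))
        elif line == "Running processes:":
            in_processes = True
        elif in_processes:
            processes.append(line)
        elif ": " in line:                     # e.g. "Platform: Windows XP SP1 ..."
            key, value = line.split(": ", 1)
            header[key] = value
    return {"header": header, "processes": processes, "entries": dict(entries)}


def services(report):
    """O23 lines as dicts with name, owner and path."""
    found = (SERVICE_RE.match(e) for e in report["entries"].get("O23", []))
    return [m.groupdict() for m in found if m]


def unknown_owner_services(report):
    """Services for which the log shows no vendor name: verify the binary by hand."""
    return [s for s in services(report) if s["owner"].lower() == "unknown owner"]


def autoruns(report):
    """O4 registry Run entries as dicts with hive, value name and command line."""
    found = (AUTORUN_RE.match(e) for e in report["entries"].get("O4", []))
    return [m.groupdict() for m in found if m]


def products_seen(report, keywords):
    """Keywords that occur in a running-process path or in an O23 service line."""
    haystack = [p.lower() for p in report["processes"]]
    haystack += [e.lower() for e in report["entries"].get("O23", [])]
    return sorted({k for k in keywords if any(k.lower() in h for h in haystack)})


if __name__ == "__main__":
    report = parse_hijackthis(SAMPLE_LOG)
    print("Platform:", report["header"].get("Platform"))
    print("Autoruns:", [a["name"] for a in autoruns(report)])
    print("Unknown owner:", [s["name"] for s in unknown_owner_services(report)])
    print("Firewall keywords seen:", products_seen(report, FIREWALL_KEYWORDS))
```

An empty keyword result only means the log shows no matching process or service; an "Unknown owner" service is a prompt to check the file, not a verdict on it.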
Hello,
Once my firewall is downloaded and installed, should I re-enable my Windows firewall or not?
I'll attempt the SP2 install within the hour and report back to you.
I managed to get rid of the Spybot items; the log is below.
I relaunched the AVG scan (it's running right now) and I already have 3 tracking cookies found (medium risk); is that normal after what we just did?
Last question before the scan: I'd like to disable ActiveX; will the connection still be usable if I do? How do I proceed?
Thanks again!
--- Search result list ---
CoolWWWSearch.HomeSearch: [SBI $A8649E31] Root class (Clé du registre, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NVideoCodec.Chl
CoolWWWSearch.HomeSearch: [SBI $A8649E31] Class ID (Clé du registre, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6BF52A52-394A-11D3-B153-00C04F79FAA6}
CoolWWWSearch.HomeSearch: [SBI $9370EF52] Exécutable (Fichier, fixed)
C:\WINDOWS\adiras.ini:lrbmza:$DATA
CoolWWWSearch.HomeSearch: [SBI $9370EF52] Exécutable (Fichier, fixed)
C:\WINDOWS\bevuf.dat:uygzll:$DATA
CoolWWWSearch.HomeSearch: [SBI $9370EF52] Exécutable (Fichier, fixed)
C:\WINDOWS\bkzro.dat:trupjd:$DATA
CoolWWWSearch.HomeSearch: [SBI $9370EF52] Exécutable (Fichier, fixed)
C:\WINDOWS\desktop(5)(3).ini:ijugca:$DATA
CoolWWWSearch.HomeSearch: [SBI $9370EF52] Exécutable (Fichier, fixed)
C:\WINDOWS\desktop(5)(4).ini:ijugca:$DATA
CoolWWWSearch.HomeSearch: [SBI $9370EF52] Exécutable (Fichier, fixed)
C:\WINDOWS\desktop(5).ini:ijugca:$DATA
CoolWWWSearch.HomeSearch: [SBI $9370EF52] Exécutable (Fichier, fixed)
C:\WINDOWS\ieuninst.exe:igfotu:$DATA
CoolWWWSearch.HomeSearch: [SBI $9370EF52] Exécutable (Fichier, fixed)
C:\WINDOWS\logs2.ini:yqcypm:$DATA
CoolWWWSearch.HomeSearch: [SBI $9370EF52] Exécutable (Fichier, fixed)
C:\WINDOWS\mshs.dll:ekajjh:$DATA
CoolWWWSearch.HomeSearch: [SBI $9370EF52] Exécutable (Fichier, fixed)
C:\WINDOWS\nzytn.dat:bjeykq:$DATA
CoolWWWSearch.HomeSearch: [SBI $9370EF52] Exécutable (Fichier, fixed)
C:\WINDOWS\quzyn.txt:lwmqxd:$DATA
CoolWWWSearch.HomeSearch: [SBI $9370EF52] Exécutable (Fichier, fixed)
C:\WINDOWS\stub87.ini:xpqpvw:$DATA
CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
C:\WINDOWS\system32\acddp.log
CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
C:\WINDOWS\system32\aqvzn.dat
CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
C:\WINDOWS\system32\bjqmp.log
CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
C:\WINDOWS\system32\cycvv.dat
CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
C:\WINDOWS\system32\edhqp.log
CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
C:\WINDOWS\system32\epfci.txt
CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
C:\WINDOWS\system32\ezjav.txt
CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
C:\WINDOWS\system32\fcjej.dat
CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
C:\WINDOWS\system32\fnphy.txt
CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
C:\WINDOWS\system32\gwzvt.log
CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
C:\WINDOWS\system32\ibzrp.dat
CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
C:\WINDOWS\system32\ilbxo.txt
CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
C:\WINDOWS\system32\irxsi.txt
CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
C:\WINDOWS\system32\iultz.log
CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
C:\WINDOWS\system32\iyujp.txt
CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
C:\WINDOWS\system32\izkbu.dat
CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
C:\WINDOWS\system32\juvvx.txt
CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
C:\WINDOWS\system32\jveky.dat
CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
C:\WINDOWS\system32\kbrwu.txt
CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
C:\WINDOWS\system32\kgtzd.log
CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
C:\WINDOWS\system32\kospz.dat
CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
C:\WINDOWS\system32\lxpgu.log
CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
C:\WINDOWS\system32\mfoxc.txt
CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
C:\WINDOWS\system32\miruy.txt
CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
C:\WINDOWS\system32\mnkja.log
CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
C:\WINDOWS\system32\mxhyd.txt
CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
C:\WINDOWS\system32\olsci.log
CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
C:\WINDOWS\system32\pacan.dat
CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
C:\WINDOWS\system32\qhmzv.txt
CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
C:\WINDOWS\system32\qpclc.txt
CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
C:\WINDOWS\system32\rvkcm.dat
CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
C:\WINDOWS\system32\serov.txt
CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
C:\WINDOWS\system32\suqct.txt
CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
C:\WINDOWS\system32\tckos.log
CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
C:\WINDOWS\system32\uslky.log
CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
C:\WINDOWS\system32\xejld.dat
CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
C:\WINDOWS\system32\xpqpv.log
CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
C:\WINDOWS\system32\xscof.log
CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
C:\WINDOWS\system32\xxmfo.txt
CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
C:\WINDOWS\system32\ybwgf.txt
CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
C:\WINDOWS\system32\yjmis.log
CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
C:\WINDOWS\system32\yopok.dat
CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
C:\WINDOWS\system32\yxrmo.log
CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
C:\WINDOWS\system32\yyvfu.dat
CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
C:\WINDOWS\system32\zzijm.dat
Smitfraud-C.: [SBI $1167C539] Réglages (Valeur du registre, fixing failed)
HKEY_USERS\.DEFAULT\WindowsSubVersion
Smitfraud-C.: [SBI $1167C539] Réglages (Valeur du registre, fixed)
HKEY_USERS\S-1-5-18\WindowsSubVersion
MyWay.MyWebSearch: [SBI $DE2C892F] Installeur (Fichier, fixed)
C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.8-2.inf
Dialui-A: [SBI $76B7883B] Réglages désinstallation (Clé du registre, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iexpedition
Win32.Murlo.ff.rtk: [SBI $67E0FCFD] Réglages (Valeur du registre, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\UID
--- Spybot - Search & Destroy version: 1.5 (build: 20070830) ---
2007-08-31 blindman.exe (1.0.0.6)
2007-08-31 SDMain.exe (1.0.0.4)
2007-08-31 SDUpdate.exe (1.0.6.4)
2007-08-31 SDWinSec.exe (1.0.0.8)
2007-08-31 SpybotSD.exe (1.5.1.15)
2007-08-31 TeaTimer.exe (1.5.0.9)
2007-11-17 unins000.exe (51.46.0.0)
2007-08-31 Update.exe (1.4.0.5)
2007-08-31 advcheck.dll (1.5.3.0)
2007-04-02 aports.dll (2.1.0.0)
2007-04-02 DelZip179.dll (1.79.5.3)
2007-08-31 SDHelper.dll (1.5.0.8)
2007-08-31 Tools.dll (2.1.2.0)
2007-11-14 Includes\Cookies.sbi (*)
2007-10-31 Includes\Dialer.sbi (*)
2007-11-14 Includes\DialerC.sbi (*)
2007-11-07 Includes\Hijackers.sbi (*)
2007-11-14 Includes\HijackersC.sbi (*)
2007-10-04 Includes\Keyloggers.sbi (*)
2007-11-14 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2007-11-07 Includes\Malware.sbi (*)
2007-11-14 Includes\MalwareC.sbi (*)
2007-10-24 Includes\PUPS.sbi (*)
2007-11-14 Includes\PUPSC.sbi (*)
2007-11-14 Includes\Revision.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-11-14 Includes\SecurityC.sbi (*)
2007-11-07 Includes\Spybots.sbi (*)
2007-11-14 Includes\SpybotsC.sbi (*)
2007-11-06 Includes\Tracks.uti
2007-11-14 Includes\Trojans.sbi (*)
2007-11-14 Includes\TrojansC.sbi (*)
2008-12-24 Plugins\TCPIPAddress.dll
--- System information ---
Windows XP (Build: 2600) Service Pack 1 (5.1.2600)
/ DataAccess: Security Update for Microsoft Data Access Components
/ DirectX: DirectX Update 819696
/ Windows Media Player: Correctif pour le Lecteur Windows Media [Voir Q828026 pour plus d'informations]
/ Windows Media Player / SP0: Correctif pour le Lecteur Windows Media [Voir Q828026 pour plus d'informations]
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See KB810243 for more information]
/ Windows XP / SP2: Pack réseau avancé pour Windows XP
/ Windows XP / SP2: Correctif Windows XP - KB820291
/ Windows XP / SP2: Correctif Windows XP - KB821253
/ Windows XP / SP2: Correctif Windows XP - KB822603
/ Windows XP / SP2: Correctif Windows XP - KB823182
/ Windows XP / SP2: Correctif Windows XP - KB824105
/ Windows XP / SP2: Correctif Windows XP - KB824141
/ Windows XP / SP2: Correctif Windows XP - KB824146
/ Windows XP / SP2: Correctif Windows XP - KB825119
/ Windows XP / SP2: Correctif Windows XP - KB826939
/ Windows XP / SP2: Correctif Windows XP - KB826942
/ Windows XP / SP2: Correctif Windows XP - KB828028
/ Windows XP / SP2: Correctif Windows XP - KB828035
/ Windows XP / SP2: Correctif Windows XP - KB829558
/ Windows XP / SP2: Correctif Windows XP - KB842773
/ Windows XP / SP2: Correctif Windows XP (SP2) Q322011
/ Windows XP / SP2: Correctif Windows XP (SP2) Q327979
/ Windows XP / SP2: Correctif Windows XP (SP2) Q814995
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Mise à jour pour Windows XP (KB898461)
/ Windows XP / SP3: Mise à jour pour Windows XP (KB927891)
--- Startup entries list ---
Located: HK_LM:Run, !AVG Anti-Spyware
command: "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
file: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
size: 6731312
MD5: CC6BC45DD5A58158645E7FB2953604FE
Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
size: 40048
MD5: 66D4456C920E21BD2188F8CC33680DF5
Located: HK_LM:Run, avgnt
command: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
file: C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
size: 249896
MD5: 6E898F5959E7195D64594C30E9251938
Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files\QuickTime\QTTask.exe
size: 286720
MD5: 49CCFBE5D5225B9D3CC78C09DEE147D0
Located: HK_LM:RunOnce, SpybotSnD
command: "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
file: C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4943184
MD5: C92780F50B8BB7A89E919585916494A9
Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-1844237615-839522115-854245398-1007...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1460560
MD5: B7D4586BFC0DD6C3BE7DCCC252A3E97E
Located: HK_CU:RunOnce, SpybotDeletingB8958
where: S-1-5-21-1844237615-839522115-854245398-1007...
command: command /c del "C:\WINDOWS\xtjwc.dat:bhmxdg:$DATA"
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingD8530
where: S-1-5-21-1844237615-839522115-854245398-1007...
command: cmd /c del "C:\WINDOWS\xtjwc.dat:bhmxdg:$DATA"
file: C:\WINDOWS\system32\cmd.exe
size: 388096
MD5: 7C2769027921F5F798F5F482A80D2C06
Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
--- Browser helper object list ---
--- ActiveX list ---
DirectAnimation Java Classes (DirectAnimation Java Classes)
DPF name: DirectAnimation Java Classes
CLSID name:
Installer:
Codebase:
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\dajava.cab
info link:
info source: Patrick M. Kolla
Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
Installer:
Codebase:
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla
{41564D57-9980-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\wmvadvd.inf
Codebase: http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\erma.inf
Codebase: http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
description:
classification: Open for discussion
known filename:
info link:
info source: Safer Networking Ltd.
{9F1C11AA-197B-4942-BA54-47A8489BB47F} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\iuctl.inf
Codebase: http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38057.2693518519
description: Windows Update
classification: Legitimate
known filename: %WINDIR%\System32\iuctl.dll,iuengine.dll
info link:
info source: Patrick M. Kolla
{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\System32\Macromed\Flash\
Long name: Flash9d.ocx
Short name:
Date (created): 11/06/2007 21:04:30
Date (last access): 17/11/2007 17:01:52
Date (last write): 11/06/2007 21:04:30
Filesize: 2267368
Attributes: archive
MD5: B01E2A41389FBA42B7B5A026EA88C9B7
CRC32: 8980B6EC
Version: 9.0.47.0
--- Process list ---
PID: 0 ( 0) [System]
PID: 144 ( 0) \SystemRoot\System32\smss.exe
size: 45568
PID: 192 ( 0) \??\C:\WINDOWS\system32\csrss.exe
size: 4096
PID: 216 ( 0) \??\C:\WINDOWS\system32\winlogon.exe
size: 520704
PID: 260 ( 0) C:\WINDOWS\system32\services.exe
size: 101888
MD5: FC0691097471EE374907E1024EDCBD43
PID: 272 ( 0) C:\WINDOWS\system32\lsass.exe
size: 11776
MD5: B7B1C150AFF59455DB4DF082815F88F5
PID: 436 ( 0) C:\WINDOWS\system32\svchost.exe
size: 12800
MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
PID: 468 ( 0) C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
size: 312880
MD5: 5DCD235C061022BCDA9AA48670B64211
PID: 500 ( 0) C:\WINDOWS\system32\svchost.exe
size: 12800
MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
PID: 712 ( 0) C:\WINDOWS\Explorer.EXE
size: 1000448
MD5: F5909963533D861D169B737A1A8E1EF8
PID: 896 ( 0) C:\WINDOWS\System32\taskmgr.exe
size: 136192
MD5: 43D0E19C07536416037FDFBC372D2ECB
PID: 1020 ( 0) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4943184
MD5: C92780F50B8BB7A89E919585916494A9
PID: 1528 ( 0) C:\WINDOWS\regedit.exe
size: 140800
MD5: 6D58D6C99C797428AD28D9D67AAAAD9D
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 17/11/2007 17:04:41
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\SYSTEM32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.commentcamarche.net/forum/affich-3448031-virus-qui-bloque-l-acces-aux-postes-cles
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://home.microsoft.com/access/autosearch.asp?p=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\windows\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
--- Winsock Layered Service Provider list ---
--- Uninstall list ---
(AddressBook)
Adobe Flash Player ActiveX 9.0.47.0 (Adobe Flash Player ActiveX)
uninstall cmd: C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
publisher: Adobe Systems Incorporated
help link: https://helpx.adobe.com/flash-player.html
Adobe SVG Viewer 3.0 3.0 (Adobe SVG Viewer)
version (major): 3
install location: C:\WINDOWS\System32\Adobe\SVG Viewer 3.0
uninstall cmd: C:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Install.log
publisher: Adobe Systems, Inc.
Avira AntiVir PersonalEdition Classic (AntiVir PersonalEdition Classic)
uninstall cmd: C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
publisher: Avira GmbH
help link: http://www.avira.com/classic-support
AVG Anti-Spyware 7.5 (AVGAntiSpyware75)
install location: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5
uninstall cmd: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
publisher: Grisoft Ltd.
help link: https://www.avg.com/fr-fr/homepage
(Branding)
CCleaner (remove only) (CCleaner)
uninstall cmd: "C:\Documents and Settings\LAPTOP\Bureau\CCleaner\uninst.exe"
(Connection Manager)
(DirectAnimation)
(DirectDrawEx)
(DXM_Runtime)
(expinst)
(Fontcore)
HijackThis 2.0.2 2.0.2 (HijackThis)
uninstall cmd: "C:\Documents and Settings\LAPTOP\Bureau\HijackThis.exe" /uninstall
publisher: TrendMicro
(ICW)
(IE40)
(IE4Data)
(IE5BAKEX)
(IEData)
Internet Explorer Q832894 (ieupdate)
uninstall cmd: C:\WINDOWS\ieuninst.exe C:\WINDOWS\INF\Q832894.inf
(InstallShield Uninstall Information)
Kaspersky Online Scanner 5.0 (Kaspersky Online Scanner)
install location: C:\WINDOWS\System32\Kaspersky Lab\Kaspersky Online Scanner
uninstall cmd: C:\WINDOWS\System32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
publisher: Kaspersky Lab
contact: Customer Support Department
help link: https://my.kaspersky.com/en/kpc/newrequest?LANG=en
Windows XP Hotfix (SP2) [See KB810243 for more information] (KB810243)
publisher: Microsoft Corporation
Correctif Windows XP - KB824146 20030825.150634 (KB824146)
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/824146/
(KB884016)
Windows Genuine Advantage Validation Tool (KB892130) (KB892130)
install date: 20071102
publisher: Microsoft Corporation
help link: https://www.microsoft.com/en-us/howtotell/default.aspx
(KB893803)
(Microsoft NetShow Player 2.0)
(MobileOptionPack)
(MPlayer2)
(MSI30-Beta1)
(MSI30-Beta2)
(MSI30-KB884016)
(MSI30-RC1)
(MSI30-RC2)
(MSI30a-KB884016)
(MSI31-Beta)
(MSI31-RC1)
(MsJavaVM)
(MSMSGS)
Barre d'outils MSN (MSN Toolbar)
uninstall cmd: C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\mtbs.exe c
(NetMeeting)
Outlook Express Q820223 (oeupdate)
uninstall cmd: C:\WINDOWS\Q820223.exe C:\WINDOWS\INF\Q820223.inf
(OutlookExpress)
(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
IBM ThinkPad Power Management Driver 1.25.01 (Power Management Driver)
uninstall cmd: RunDll32.exe tpinspm.dll,Uninstall
Intel(R) PRO Network Adapters and Drivers (PROSet)
uninstall cmd: Prounstl.exe
Correctif Windows XP (SP2) Q322011 20021111.164308 (Q322011)
uninstall cmd: C:\WINDOWS\$NtUninstallQ322011$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: Pour plus d'informations, consultez Q322011 à l'adresse https://support.microsoft.com/en-us
Correctif Windows XP (SP2) Q327979 20021114.125930 (Q327979)
uninstall cmd: C:\WINDOWS\$NtUninstallQ327979$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: Pour plus d'informations, consultez Q327979 à l'adresse https://support.microsoft.com/en-us
Correctif Windows XP (SP2) Q814995 20030219.141715 (Q814995)
uninstall cmd: C:\WINDOWS\$NtUninstallQ814995$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/814995
Correctif pour le Lecteur Windows Media [Voir Q828026 pour plus d'informations] (Q828026)
uninstall cmd: C:\WINDOWS\$NtUninstallQ828026$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/828026
(RealJukebox 1.0)
uninstall cmd: C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RealPlayer (RealPlayer 6.0)
uninstall cmd: C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
SAMSUNG CDMA Modem Driver Set (SAMSUNG CDMA Modem)
uninstall cmd: C:\WINDOWS\System32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile Composite Device Software (SAMSUNG Mobile Composite Device)
uninstall cmd: C:\WINDOWS\System32\Samsung_USB_Drivers\6\SSBCUninstall.exe
Samsung Mobile phone USB driver Software (Samsung Mobile phone USB driver)
uninstall cmd: C:\WINDOWS\System32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem Software (SAMSUNG Mobile USB Modem)
uninstall cmd: C:\WINDOWS\System32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software (SAMSUNG Mobile USB Modem 1.0)
uninstall cmd: C:\WINDOWS\System32\Samsung_USB_Drivers\1\SS_Uninstall.exe
(SchedulingAgent)
(Sevinst)
VideoLAN VLC media player 0.8.1 0.8.1 (VLC media player)
uninstall cmd: C:\Program Files\VideoLAN\VLC\uninstall.exe
publisher: VideoLAN Team
Windows Genuine Advantage Validation Tool (KB892130) 1.7.0036.0 (WGA)
publisher: Microsoft Corporation
help link: https://www.microsoft.com/en-us/howtotell/default.aspx
Windows Media Format Runtime (Windows Media Format Runtime)
uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Lecteur Windows Media 10 (Windows Media Player)
uninstall cmd: "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Yahoo! Toolbar avec bloqueur de fenêtres pop-up (Yahoo! Companion)
uninstall cmd: C:\PROGRA~1\Yahoo!\Common\unyt.exe
Yahoo! Toolbar (Yahoo! Toolbar)
(ZZ-ZZ-D24VaAhvUyhcOVIjRkZOW0ZPRkNGQFtETzUzRU5FRltGC0ALRwtHCzUyJCM4MTEyJSQiOVo0WzlPNkReNTtIIA==)
kit de connexion NC NUMERICABLE 1.0 ({1ABB299D-6C4E-498E-BB6C-BAEAB72600DD})
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1ABB299D-6C4E-498E-BB6C-BAEAB72600DD}\setup.exe" -l0x40c ControlPanel
InterVideo WinDVD 5 5.1-B5.26 ({1B399A41-C1D0-40A2-9E4F-095868EFAF01})
version (major): 5
version (minor): 1
install location: C:\Program Files\InterVideo\DVD5
uninstall cmd: "C:\Program Files\InstallShield Installation Information\{1B399A41-C1D0-40A2-9E4F-095868EFAF01}\setup.exe" REMOVEALL
publisher: InterVideo Inc.
contact: support@intervideo.com
help link: https://www.windvdpro.com/fr/
Google Toolbar for Internet Explorer ({2318C2B1-4965-11d4-9B18-009027A5CD4F})
uninstall cmd: regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
3.0.20070525 ({2CCBABCB-6427-4A55-B091-49864623C43F})
version: 20070525
version (major): 3
J2SE Runtime Environment 5.0 Update 6 1.5.0.60 ({3248F0A8-6813-11D6-A77B-00B0D0150060})
version: 17104896
version (major): 1
version (minor): 5
estimated size: 122273
install date: 20060416
install source: http://jdl.sun.com/webapps/download/GetFile/1.5.0_06plus-b05/windows-i586//
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
publisher: Sun Microsystems, Inc.
contact: https://www.java.com/en/
help link: https://www.java.com/en/
readme: C:\Program Files\Java\jre1.5.0_06\README.txt
WebFldrs XP 9.50.6513 ({350C940c-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154278257
version (major): 9
version (minor): 50
estimated size: 2652
install date: 20040309
install source: C:\WINDOWS\System32\
publisher: Microsoft Corporation
help link: https://www.microsoft.com/en-us/windows/
TomTom HOME 2.1.1106 ({3C9EEFEF-1F71-4213-AC41-4BF5FE0FED95})
version: 33621074
install date: 20071027
install location: C:\Program Files\TomTom HOME 2
install source: C:\DOCUME~1\LAPTOP\MESDOC~1\TomTom\HOME\DOWNLO~1\DOWNLO~1\V2_1_1~1.EXE
uninstall cmd: C:\Program Files\InstallShield Installation Information\{3C9EEFEF-1F71-4213-AC41-4BF5FE0FED95}\setup.exe -runfromtemp -l0x040c -removeonly -removeonly -removeonly
publisher: TomTom
help link: https://help.tomtom.com/hc/fr
Visionneuse Journal Windows Microsoft 1.5.2315.3 ({43DCF766-6838-4F9A-8C91-D92DA586DFA7})
version: 17107211
version (major): 1
version (minor): 5
estimated size: 3715
install date: 20040311
install source: C:\DOCUME~1\Hammed\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
publisher: Microsoft
comments: Visionneuse de documents créés avec l'application Journal Windows.
contact: Microsoft
Windows Live Sign-in Assistant 4.100.313.1 ({49672EC2-171B-47B4-8CE7-50D7806360D7})
version: 73662777
version (major): 4
version (minor): 100
estimated size: 1220
install date: 20070927
install source: C:\DOCUME~1\LAPTOP\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
publisher: Microsoft Corporation
SAGEM F@st 800-840 ({4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F})
Windows Genuine Advantage v1.3.0254.0 1.3.0254.0 ({63569CE9-FA00-469C-AF5C-E5D4D93ACF91})
version: 16974078
version (major): 1
version (minor): 3
estimated size: 519
install date: 20051118
install source: C:\DOCUME~1\Hammed\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
publisher: Microsoft
comments: Your Comments
contact: Customer Support Department
help link: http://www.microsoft.com/genuine/downloads/whyValidate.aspx/help
help telephone: 1-425.882.8080
({666ADC9C-9C34-4B56-8B22-0419F257FB80})
Apple Software Update 2.0.0.21 ({74EC78BC-B379-4E29-9006-8F161DCAABA6})
version: 33554432
version (major): 2
estimated size: 2204
install date: 20071028
install location: C:\Program Files\Apple Software Update\
install source: C:\DOCUME~1\LAPTOP\LOCALS~1\Temp\IXP242.TMP\
uninstall cmd: MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
publisher: Apple Inc.
contact: Assistance AppleCare
help link: https://support.apple.com/fr-fr
help telephone: 0825 888 024
Microsoft Office XP Professional 10.0.2627.5 ({9211040C-6000-11D3-8CFE-0050048383C9})
version: 167774787
version (major): 10
estimated size: 158055
install date: 20040311
install location: INSTALLLOCATION
install source: D:\OfficeXP\
uninstall cmd: MsiExec.exe /I{9211040C-6000-11D3-8CFE-0050048383C9}
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us
readme: C:\Program Files\Microsoft Office\Office10\1036\OFREAD10.HTM
QuickTime 7.2.0.240 ({95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC})
version: 117571584
version (major): 7
version (minor): 2
estimated size: 75787
install date: 20071028
install location: C:\Program Files\QuickTime\
install source: C:\DOCUME~1\LAPTOP\LOCALS~1\Temp\IXP242.TMP\
uninstall cmd: MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
publisher: Apple Inc.
contact: Assistance AppleCare
help link: https://support.apple.com/fr-fr
help telephone: (33) 0825 888 024
Adobe Reader 8.1.0 - Français 8.1.0 ({AC76BA86-7AD7-1036-7B44-A81000000003})
version: 134283264
version (major): 8
version (minor): 1
estimated size: 149605
install date: 20071021
install location: C:\Program Files\Adobe\Reader 8.0\Reader\
install source: C:\DOCUME~1\LAPTOP\LOCALS~1\Temp\Adobe Reader 8\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81000000003}
publisher: Adobe Systems Incorporated
comments:
contact: Support clientèle
help link: https://helpx.adobe.com/support.html
readme: C:\Program Files\Adobe\Reader 8.0\Reader\Lisezmoi.htm
Kit de connexion ADSL 3.30.000 ({B0C5783F-AB91-460B-8238-BD9A8F6346D3})
version: 52297728
install location: C:\Program Files\Kit ADSL
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B0C5783F-AB91-460B-8238-BD9A8F6346D3}\setup.exe" -l0x40c -eth
TomTom HOME 2.1.1106 ({B3FAE1D6-EA8B-4470-83B7-7A95D37BCA2B})
version: 33621074
version (major): 2
version (minor): 1
estimated size: 1641
install date: 20071027
install location: C:\Program Files\TomTom HOME 2\
install source: C:\Program Files\TomTom HOME 2\{B3FAE1D6-EA8B-4470-83B7-7A95D37BCA2B}\
publisher: TomTom
comments: Main branch development
contact: Customer Support Department
help link: https://help.tomtom.com/hc/en-gb
Spybot - Search & Destroy 1.5.1.15 ({B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1)
install date: 20071117
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited
help link: https://www.safer-networking.org/?page=support
Micro Application - 36 Dictionnaires et Recueils de Correspondance 1.0.0.0 ({B410328C-0E8C-4DD2-9DB4-DE7766D0DFE0})
version: 16777216
install location: C:\Program Files
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B410328C-0E8C-4DD2-9DB4-DE7766D0DFE0}\SETUP.EXE" -l0x40c -uninst
Samsung PC Studio 3.1.1.70208 ({C4A4722E-79F9-417C-BD72-8D359A090C97})
version: 50331648
install date: 20070821
install location: C:\Program Files\Samsung\Samsung PC Studio 3\
install source: C:\DOCUME~1\Hammed\LOCALS~1\Temp\bye4A.tmp\Disk1\
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x40c -removeonly
publisher: Samsung Electronics Co., Ltd.
comments: Samsung PC Studio 3 Maintenance
contact: Samsung Electronics Co., Ltd.
help link: http://www.samsungmobile.co.kr
help telephone: +82 2051 4151
Alice ADSL - Installation principale 2.00.000 ({CE5D7CE8-27E7-4452-AF33-F38F074BBD08})
version: 33554432
install location: C:\Program Files\Alice_Triway_WiFi
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE5D7CE8-27E7-4452-AF33-F38F074BBD08}\setup.exe" -l0x40c -eth -pri
({D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5})
Google Toolbar for Internet Explorer 4.0.0.002 ({DBEA1034-5882-4A88-8033-81C4EF0CFA29})
version: 67108864
version (major): 4
estimated size: 1096
install date: 20070923
install source: C:\Program Files\Google\Installers\
uninstall cmd: MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
publisher: Google Inc.
Samsung PC Studio 3 USB Driver Installer 1.00.0000 ({EBA29752-DDD2-4B62-B2E3-9841F92A3E3A})
version: 16777216
install date: 20070821
install location: C:\Program Files\Samsung\Samsung PC Studio 3
install source: C:\DOCUME~1\Hammed\LOCALS~1\Temp\bye7C.tmp\Disk1\
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x40c -removeonly
publisher: Samsung Electronics Co., Ltd.
comments: Samsung PC Studio 3 Maintenance
contact: Samsung Electronics Co., Ltd.
help link: http://www.samsungmobile.co.kr
help telephone: +82 2051 4151
Windows Live Messenger 8.1.0178.00 ({F6326B60-1B1D-4ABF-BFCD-7B7404F44411})
version: 134283442
version (major): 8
version (minor): 1
Once the firewall I downloaded is installed, should I re-enable my Windows firewall or not?
I'll try installing SP2 within the hour and report back to you.
I managed to get rid of the Spybot items; the log is below.
I restarted the AVG scan (it is running right now) and it has already found 3 tracking cookies (medium risk). Is that normal after what we just did?
One last question before the scan: I would like to disable ActiveX. Will the connection still work if I do? How do I go about it?
Thanks again!
Kaspersky Online Scanner 5.0 (Kaspersky Online Scanner)
install location: C:\WINDOWS\System32\Kaspersky Lab\Kaspersky Online Scanner
uninstall cmd: C:\WINDOWS\System32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
publisher: Kaspersky Lab
contact: Customer Support Department
help link: https://my.kaspersky.com/en/kpc/newrequest?LANG=en
Windows XP Hotfix (SP2) [See KB810243 for more information] (KB810243)
publisher: Microsoft Corporation
Correctif Windows XP - KB824146 20030825.150634 (KB824146)
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/824146/
(KB884016)
Windows Genuine Advantage Validation Tool (KB892130) (KB892130)
install date: 20071102
publisher: Microsoft Corporation
help link: https://www.microsoft.com/en-us/howtotell/default.aspx
(KB893803)
(Microsoft NetShow Player 2.0)
(MobileOptionPack)
(MPlayer2)
(MSI30-Beta1)
(MSI30-Beta2)
(MSI30-KB884016)
(MSI30-RC1)
(MSI30-RC2)
(MSI30a-KB884016)
(MSI31-Beta)
(MSI31-RC1)
(MsJavaVM)
(MSMSGS)
Barre d'outils MSN (MSN Toolbar)
uninstall cmd: C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\mtbs.exe c
(NetMeeting)
Outlook Express Q820223 (oeupdate)
uninstall cmd: C:\WINDOWS\Q820223.exe C:\WINDOWS\INF\Q820223.inf
(OutlookExpress)
(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
IBM ThinkPad Power Management Driver 1.25.01 (Power Management Driver)
uninstall cmd: RunDll32.exe tpinspm.dll,Uninstall
Intel(R) PRO Network Adapters and Drivers (PROSet)
uninstall cmd: Prounstl.exe
Correctif Windows XP (SP2) Q322011 20021111.164308 (Q322011)
uninstall cmd: C:\WINDOWS\$NtUninstallQ322011$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: Pour plus d'informations, consultez Q322011 à l'adresse https://support.microsoft.com/en-us
Correctif Windows XP (SP2) Q327979 20021114.125930 (Q327979)
uninstall cmd: C:\WINDOWS\$NtUninstallQ327979$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: Pour plus d'informations, consultez Q327979 à l'adresse https://support.microsoft.com/en-us
Correctif Windows XP (SP2) Q814995 20030219.141715 (Q814995)
uninstall cmd: C:\WINDOWS\$NtUninstallQ814995$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/814995
Correctif pour le Lecteur Windows Media [Voir Q828026 pour plus d'informations] (Q828026)
uninstall cmd: C:\WINDOWS\$NtUninstallQ828026$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/828026
(RealJukebox 1.0)
uninstall cmd: C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RealPlayer (RealPlayer 6.0)
uninstall cmd: C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
SAMSUNG CDMA Modem Driver Set (SAMSUNG CDMA Modem)
uninstall cmd: C:\WINDOWS\System32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile Composite Device Software (SAMSUNG Mobile Composite Device)
uninstall cmd: C:\WINDOWS\System32\Samsung_USB_Drivers\6\SSBCUninstall.exe
Samsung Mobile phone USB driver Software (Samsung Mobile phone USB driver)
uninstall cmd: C:\WINDOWS\System32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem Software (SAMSUNG Mobile USB Modem)
uninstall cmd: C:\WINDOWS\System32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software (SAMSUNG Mobile USB Modem 1.0)
uninstall cmd: C:\WINDOWS\System32\Samsung_USB_Drivers\1\SS_Uninstall.exe
(SchedulingAgent)
(Sevinst)
VideoLAN VLC media player 0.8.1 0.8.1 (VLC media player)
uninstall cmd: C:\Program Files\VideoLAN\VLC\uninstall.exe
publisher: VideoLAN Team
Windows Genuine Advantage Validation Tool (KB892130) 1.7.0036.0 (WGA)
publisher: Microsoft Corporation
help link: https://www.microsoft.com/en-us/howtotell/default.aspx
Windows Media Format Runtime (Windows Media Format Runtime)
uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Lecteur Windows Media 10 (Windows Media Player)
uninstall cmd: "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Yahoo! Toolbar avec bloqueur de fenêtres pop-up (Yahoo! Companion)
uninstall cmd: C:\PROGRA~1\Yahoo!\Common\unyt.exe
Yahoo! Toolbar (Yahoo! Toolbar)
(ZZ-ZZ-D24VaAhvUyhcOVIjRkZOW0ZPRkNGQFtETzUzRU5FRltGC0ALRwtHCzUyJCM4MTEyJSQiOVo0WzlPNkReNTtIIA==)
kit de connexion NC NUMERICABLE 1.0 ({1ABB299D-6C4E-498E-BB6C-BAEAB72600DD})
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1ABB299D-6C4E-498E-BB6C-BAEAB72600DD}\setup.exe" -l0x40c ControlPanel
InterVideo WinDVD 5 5.1-B5.26 ({1B399A41-C1D0-40A2-9E4F-095868EFAF01})
version (major): 5
version (minor): 1
install location: C:\Program Files\InterVideo\DVD5
uninstall cmd: "C:\Program Files\InstallShield Installation Information\{1B399A41-C1D0-40A2-9E4F-095868EFAF01}\setup.exe" REMOVEALL
publisher: InterVideo Inc.
contact: support@intervideo.com
help link: https://www.windvdpro.com/fr/
Google Toolbar for Internet Explorer ({2318C2B1-4965-11d4-9B18-009027A5CD4F})
uninstall cmd: regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
3.0.20070525 ({2CCBABCB-6427-4A55-B091-49864623C43F})
version: 20070525
version (major): 3
J2SE Runtime Environment 5.0 Update 6 1.5.0.60 ({3248F0A8-6813-11D6-A77B-00B0D0150060})
version: 17104896
version (major): 1
version (minor): 5
estimated size: 122273
install date: 20060416
install source: http://jdl.sun.com/webapps/download/GetFile/1.5.0_06plus-b05/windows-i586//
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
publisher: Sun Microsystems, Inc.
contact: https://www.java.com/en/
help link: https://www.java.com/en/
readme: C:\Program Files\Java\jre1.5.0_06\README.txt
WebFldrs XP 9.50.6513 ({350C940c-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154278257
version (major): 9
version (minor): 50
estimated size: 2652
install date: 20040309
install source: C:\WINDOWS\System32\
publisher: Microsoft Corporation
help link: https://www.microsoft.com/en-us/windows/
TomTom HOME 2.1.1106 ({3C9EEFEF-1F71-4213-AC41-4BF5FE0FED95})
version: 33621074
install date: 20071027
install location: C:\Program Files\TomTom HOME 2
install source: C:\DOCUME~1\LAPTOP\MESDOC~1\TomTom\HOME\DOWNLO~1\DOWNLO~1\V2_1_1~1.EXE
uninstall cmd: C:\Program Files\InstallShield Installation Information\{3C9EEFEF-1F71-4213-AC41-4BF5FE0FED95}\setup.exe -runfromtemp -l0x040c -removeonly -removeonly -removeonly
publisher: TomTom
help link: https://help.tomtom.com/hc/fr
Visionneuse Journal Windows Microsoft 1.5.2315.3 ({43DCF766-6838-4F9A-8C91-D92DA586DFA7})
version: 17107211
version (major): 1
version (minor): 5
estimated size: 3715
install date: 20040311
install source: C:\DOCUME~1\Hammed\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
publisher: Microsoft
comments: Visionneuse de documents créés avec l'application Journal Windows.
contact: Microsoft
Windows Live Sign-in Assistant 4.100.313.1 ({49672EC2-171B-47B4-8CE7-50D7806360D7})
version: 73662777
version (major): 4
version (minor): 100
estimated size: 1220
install date: 20070927
install source: C:\DOCUME~1\LAPTOP\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
publisher: Microsoft Corporation
SAGEM F@st 800-840 ({4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F})
Windows Genuine Advantage v1.3.0254.0 1.3.0254.0 ({63569CE9-FA00-469C-AF5C-E5D4D93ACF91})
version: 16974078
version (major): 1
version (minor): 3
estimated size: 519
install date: 20051118
install source: C:\DOCUME~1\Hammed\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
publisher: Microsoft
comments: Your Comments
contact: Customer Support Department
help link: http://www.microsoft.com/genuine/downloads/whyValidate.aspx/help
help telephone: 1-425.882.8080
({666ADC9C-9C34-4B56-8B22-0419F257FB80})
Apple Software Update 2.0.0.21 ({74EC78BC-B379-4E29-9006-8F161DCAABA6})
version: 33554432
version (major): 2
estimated size: 2204
install date: 20071028
install location: C:\Program Files\Apple Software Update\
install source: C:\DOCUME~1\LAPTOP\LOCALS~1\Temp\IXP242.TMP\
uninstall cmd: MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
publisher: Apple Inc.
contact: Assistance AppleCare
help link: https://support.apple.com/fr-fr
help telephone: 0825 888 024
Microsoft Office XP Professional 10.0.2627.5 ({9211040C-6000-11D3-8CFE-0050048383C9})
version: 167774787
version (major): 10
estimated size: 158055
install date: 20040311
install location: INSTALLLOCATION
install source: D:\OfficeXP\
uninstall cmd: MsiExec.exe /I{9211040C-6000-11D3-8CFE-0050048383C9}
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us
readme: C:\Program Files\Microsoft Office\Office10\1036\OFREAD10.HTM
QuickTime 7.2.0.240 ({95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC})
version: 117571584
version (major): 7
version (minor): 2
estimated size: 75787
install date: 20071028
install location: C:\Program Files\QuickTime\
install source: C:\DOCUME~1\LAPTOP\LOCALS~1\Temp\IXP242.TMP\
uninstall cmd: MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
publisher: Apple Inc.
contact: Assistance AppleCare
help link: https://support.apple.com/fr-fr
help telephone: (33) 0825 888 024
Adobe Reader 8.1.0 - Français 8.1.0 ({AC76BA86-7AD7-1036-7B44-A81000000003})
version: 134283264
version (major): 8
version (minor): 1
estimated size: 149605
install date: 20071021
install location: C:\Program Files\Adobe\Reader 8.0\Reader\
install source: C:\DOCUME~1\LAPTOP\LOCALS~1\Temp\Adobe Reader 8\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81000000003}
publisher: Adobe Systems Incorporated
comments:
contact: Support clientèle
help link: https://helpx.adobe.com/support.html
readme: C:\Program Files\Adobe\Reader 8.0\Reader\Lisezmoi.htm
Kit de connexion ADSL 3.30.000 ({B0C5783F-AB91-460B-8238-BD9A8F6346D3})
version: 52297728
install location: C:\Program Files\Kit ADSL
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B0C5783F-AB91-460B-8238-BD9A8F6346D3}\setup.exe" -l0x40c -eth
TomTom HOME 2.1.1106 ({B3FAE1D6-EA8B-4470-83B7-7A95D37BCA2B})
version: 33621074
version (major): 2
version (minor): 1
estimated size: 1641
install date: 20071027
install location: C:\Program Files\TomTom HOME 2\
install source: C:\Program Files\TomTom HOME 2\{B3FAE1D6-EA8B-4470-83B7-7A95D37BCA2B}\
publisher: TomTom
comments: Main branch development
contact: Customer Support Department
help link: https://help.tomtom.com/hc/en-gb
Spybot - Search & Destroy 1.5.1.15 ({B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1)
install date: 20071117
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited
help link: https://www.safer-networking.org/?page=support
Micro Application - 36 Dictionnaires et Recueils de Correspondance 1.0.0.0 ({B410328C-0E8C-4DD2-9DB4-DE7766D0DFE0})
version: 16777216
install location: C:\Program Files
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B410328C-0E8C-4DD2-9DB4-DE7766D0DFE0}\SETUP.EXE" -l0x40c -uninst
Samsung PC Studio 3.1.1.70208 ({C4A4722E-79F9-417C-BD72-8D359A090C97})
version: 50331648
install date: 20070821
install location: C:\Program Files\Samsung\Samsung PC Studio 3\
install source: C:\DOCUME~1\Hammed\LOCALS~1\Temp\bye4A.tmp\Disk1\
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x40c -removeonly
publisher: Samsung Electronics Co., Ltd.
comments: Samsung PC Studio 3 Maintenance
contact: Samsung Electronics Co., Ltd.
help link: http://www.samsungmobile.co.kr
help telephone: +82 2051 4151
Alice ADSL - Installation principale 2.00.000 ({CE5D7CE8-27E7-4452-AF33-F38F074BBD08})
version: 33554432
install location: C:\Program Files\Alice_Triway_WiFi
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE5D7CE8-27E7-4452-AF33-F38F074BBD08}\setup.exe" -l0x40c -eth -pri
({D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5})
Google Toolbar for Internet Explorer 4.0.0.002 ({DBEA1034-5882-4A88-8033-81C4EF0CFA29})
version: 67108864
version (major): 4
estimated size: 1096
install date: 20070923
install source: C:\Program Files\Google\Installers\
uninstall cmd: MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
publisher: Google Inc.
Samsung PC Studio 3 USB Driver Installer 1.00.0000 ({EBA29752-DDD2-4B62-B2E3-9841F92A3E3A})
version: 16777216
install date: 20070821
install location: C:\Program Files\Samsung\Samsung PC Studio 3
install source: C:\DOCUME~1\Hammed\LOCALS~1\Temp\bye7C.tmp\Disk1\
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x40c -removeonly
publisher: Samsung Electronics Co., Ltd.
comments: Samsung PC Studio 3 Maintenance
contact: Samsung Electronics Co., Ltd.
help link: http://www.samsungmobile.co.kr
help telephone: +82 2051 4151
Windows Live Messenger 8.1.0178.00 ({F6326B60-1B1D-4ABF-BFCD-7B7404F44411})
version: 134283442
version (major): 8
version (minor): 1
estimated size: 31939
install date: 20070927
install source: C:\DOCUME~1\LAPTOP\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
publisher: Microsoft Corporation
Samsung PC Studio 3.0.0.70208 ({FCA211BA-1A9F-4128-8DAE-96192C68816D})
version: 50331648
version (major): 3
estimated size: 1270
install date: 20070821
install location: C:\Program Files\Samsung\Samsung PC Studio 3\
install source: C:\Program Files\Samsung\Samsung PC Studio 3\{FCA211BA-1A9F-4128-8DAE-96192C68816D}\
publisher: Samsung Electronics Co., Ltd.
contact: Customer Support Department
help link: http://www.samsungmobile.co.kr
help telephone: 1-555-555-4505
--- System Services ---
Service (registry key): .NET CLR Data
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): .NET CLR Networking
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): .NETFramework
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): 6to4
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Service d'application d'assistance IPv6
Description: Fournit l'enregistrement de nom DDNS et la connectivité IPv6 automatique via un réseau IPv4. Si ce service est arrêté, d'autres ordinateurs pourraient ne pas être en mesure de le contacter par son nom et l'ordinateur disposera uniquement de la connectivité IPv6 s'il est connecté à un réseau IPv6 natif. Si ce service est désactivé, tous les services qui en dépendent explicitement ne pourront pas démarrer.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSS,tcpip6,winmgmt
Service (registry key): Abiosdsk
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 0
Service (registry key): abp480n5
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): ac97intc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Service d'installation du pilote audio Intel(r) 82801 (WDM)
Image path: system32\drivers\ac97intc.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): ACPI
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Pilote ACPI Microsoft
Image path: System32\DRIVERS\ACPI.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): ACPIEC
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Pilote de contrôleur intégré Microsoft
Image path: System32\DRIVERS\ACPIEC.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): ADILOADER
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: General Purpose USB Driver (adildr.sys)
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1
Service (registry key): adiusbaw
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: USB ADSL WAN Adapter
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): adpu160m
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): aec
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Suppresseur d'écho acoustique (Noyau Microsoft)
Image path: system32\drivers\aec.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): AFD
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Environnement de prise en charge de réseau AFD
Image path: \SystemRoot\System32\drivers\afd.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1
Service (registry key): agp440
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Filtre de bus AGP Intel
Image path: System32\DRIVERS\agp440.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): Aha154x
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): aic78u2
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): aic78xx
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): Alerter
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Avertissement
Description: Informe les utilisateurs et les ordinateurs sélectionnés des alertes administratives. Si ce service est arrêté, les programmes qui utilisent les alertes administratives ne les recevront pas. Si ce service est désactivé, les services qui en dépendent ne pourront pas démarrer.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 12800
Image MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation
Service (registry key): ALG
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Service de la passerelle de la couche Application
Description: Fournit la prise en charge des plugins de protocoles tiers pour le partage de connexion Internet et le pare-feu Internet.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\alg.exe
Image size: 41984
Image MD5: 292FBA8E83DB606519D45DD1FCBBD3B8
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Service (registry key): AliIde
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): amsint
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): AntiVirScheduler
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AntiVir PersonalEdition Classic Scheduler
Description: Service to schedule AntiVir jobs and updates.
Object name: LocalSystem
Image path: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"
Image size: 63016
Image MD5: A6FA9C14E649B2F3DE15390A1840774D
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 1
Service (registry key): AntiVirService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AntiVir PersonalEdition Classic Guard
Description: Offers permanent protection against viruses and malware with the AntiVir search engine.
Object name: LocalSystem
Image path: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe"
Image size: 214056
Image MD5: F640EA98231D7B1DB730385813BFCE79
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 1
Service (registry key): AppMgmt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Gestion d'applications
Description: Fournit des services d'installation de logiciels tels que Attribuer, Publier et Supprimer.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Service (registry key): asc
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): asc3350p
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): asc3550
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): Aspi32
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): aswTdi
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): AsyncMac
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Pilote de média asynchrone RAS
Description: Pilote de média asynchrone RAS
Image path: System32\DRIVERS\asyncmac.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): atapi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Contrôleur de disque dur IDE/ESDI standard
Image path: System32\DRIVERS\atapi.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): Atdisk
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 0
Service (registry key): Atmarpc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Protocole client ATM ARP
Description: Protocole client ATM ARP
Image path: System32\DRIVERS\atmarpc.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip
Service (registry key): AudioSrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Audio Windows
Description: Gère les périphériques audio pour les programmes basés sur Windows. Si ce service est arrêté, les périphériques et les effets audio ne fonctionneront pas correctement. Si ce service est désactivé, les services en dépendant explicitement ne démarreront pas.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs
Service (registry key): audstub
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Pilote audio Stub
Image path: System32\DRIVERS\audstub.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): AVG Anti-Spyware Driver
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AVG Anti-Spyware Driver
Image path: \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): AVG Anti-Spyware Guard
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AVG Anti-Spyware Guard
Object name: LocalSystem
Image path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
Image size: 312880
Image MD5: 5DCD235C061022BCDA9AA48670B64211
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Service (registry key): AvgAsCln
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AVG Anti-Spyware Clean Driver
Image path: System32\DRIVERS\AvgAsCln.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): avgntdd
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: avgntdd
Image path: SYSTEM32\DRIVERS\avgntdd.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1
Depends On services: avgntmgr
Service (registry key): avgntmgr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: avgntmgr
Image path: SYSTEM32\DRIVERS\avgntmgr.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 2
Error Control: 1
Service (registry key): avipbb
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: avipbb
Description: Avira's Driver for RootKit Detection
Image path: System32\DRIVERS\avipbb.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): AWZYALMD
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 0
Service (registry key): BattC
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): Beep
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): BITS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Service de transfert intelligent en arrière-plan
Description: Utilise la bande passante réseau inactive pour transférer des données.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: Rpcss
Service (registry key): Browser
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Explorateur d'ordinateur
Description: Tient à jour une liste des ordinateurs présents sur le réseau et fournit cette liste aux ordinateurs désignés comme navigateurs. Si ce service est arrêté, la liste ne sera pas mise ou tenue à jour. Si ce service est désactivé, les services qui en dépendent ne pourront pas démarrer.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,LanmanServer
Service (registry key): catchme
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \??\C:\DOCUME~1\LAPTOP\LOCALS~1\Temp\catchme.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): cbidf2k
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): cd20xrnt
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): Cdaudio
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0
Service (registry key): Cdfs
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 2
Error Control: 1
Depends On group: "SCSI CDROM Class"
Service (registry key): Cdrom
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Pilote de CD-ROM
Image path: System32\DRIVERS\cdrom.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Depends On group: "SCSI miniport"
Service (registry key): Changer
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0
Service (registry key): CiSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Indexing Service
Description: Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
Object name: LocalSystem
Image path: %SystemRoot%\system32\cisvc.exe
Image size: 5120
Image MD5: 7901AF03767C140467671C7CEEB2C3FE
Co
Hello,
I could not install SP2 in normal mode; in safe mode, after 1 hour of installation(!), I get a message telling me that the installation cannot be completed because of "access denied"!
I will try again next weekend after changing the permissions on the HKEY keys in regedit.
Latest HijackThis scan:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:08:38, on 17/11/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\LAPTOP\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.commentcamarche.net/forum/affich 3448031 virus qui bloque l acces aux postes cles
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
Good evening,
Never run 2 firewalls at the same time. Kerio is enough.
I don't see any ActiveX;
Your Java console is not up to date, which is a security hole. (version 6, release 3)
Open this link:
https://www.java.com/fr/download/manual.jsp
Choose the first download line, then install Java.
At the end of the installation, go back to the page to verify your installation.
Once the installation has succeeded, open the Control Panel, Add/Remove Programs, and remove
J2SE Runtime Environment Version 5.0 Update xx.
You still have tracking cookies.
A small utility to restore essential keys:
http://telechargement.zebulon.fr/zeb-restore.html
I look forward to hearing from you.
Hi Le Lyonnais!
Here is the verdict: for the SP2 installation, the answer is always the same: access denied (after 1 hour of installation).
Restoring the essential keys seems to have worked well.
The Java install does not work: when I click the icon (which was saved from the site to my desktop all right), an hourglass appears, then after 5 s nothing more happens, as if it had abandoned the install.
I went into Internet Options to enable the ActiveX controls, but nothing seems to change.
Another problem: I cannot uninstall Spybot. The uninstall file does not seem to be present.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:50:25, on 25/11/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\LAPTOP\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.commentcamarche.net/forum/affich 3448031 virus qui bloque l acces aux postes cles
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
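Added example, not part of the original thread: a Python script that parses two HijackThis scans and reports what changed between them, run on excerpts copied from the 17/11 and 25/11 logs above. The function names are illustrative, and matching entries across scans by CLSID is an assumption of this example, not a HijackThis feature.

```python
import re

# A HijackThis entry starts with a section code (R0-R3, F0-F3, O1-O24) then " - ".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|O\d{1,2}) - (.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_entries(log_text):
    """Map (section, identity) -> full detail text.

    Identity is the CLSID when the entry carries one, so the same object is
    matched across scans even if its name or file changed; otherwise it is
    the whole detail. The detail is never split on " - " because paths such
    as "Spybot - Search & Destroy" contain that separator.
    """
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        section, detail = m.group(1), m.group(2).strip()
        clsid = CLSID.search(detail)
        entries[(section, clsid.group(0).upper() if clsid else detail)] = detail
    return entries

def diff_scans(older, newer):
    """Return entries removed, added, changed and orphaned between two scans."""
    old, new = parse_entries(older), parse_entries(newer)
    return {
        "removed": sorted(k for k in old if k not in new),
        "added": sorted(k for k in new if k not in old),
        "changed": sorted(k for k in new if k in old and old[k] != new[k]),
        # "(no file)": the registry entry is still there, its target is gone.
        "orphaned": sorted(k for k, d in new.items() if d.endswith("(no file)")),
    }

# Excerpts copied from the two scans posted in the thread.
SCAN_2007_11_17 = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
"""

SCAN_2007_11_25 = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
"""

if __name__ == "__main__":
    for kind, keys in diff_scans(SCAN_2007_11_17, SCAN_2007_11_25).items():
        for section, identity in keys:
            print(f"{kind:8} {section:3} {identity}")
```

Entries reported as orphaned are leftovers that HijackThis can fix safely, since nothing is loaded from them; entries that share a section and a CLSID are treated as one.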
Hello,
To uninstall Spybot:
Spybot - Search & Destroy 1.5.1.15 ({B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1)
install date: 20071117
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited
Did it work?
Hi again, Le Lyonnais...
Forgive me, but what am I supposed to do with these references? Where should I look for them?
Should I simply find and then delete the files indicated?
Hi again,
Sorry,
open Windows Explorer and look for:
C:\Program Files\Spybot - Search & Destroy\unins000.exe
Double-click it to uninstall Spybot.
Hi,
When I click on it, a dialog tells me that the same file but with the .dat extension does not exist: uninstallation impossible.
Hello,
Solution:
delete the folder.
Afterwards, run CCleaner to clean the registry.
I have the impression that there is not much more I can do for you.
But staying on SP1 is a permanent security hole.
So is the lack of an update to the Java console.
Antivir is good protection.
Is AVG AS a paid version? If not, the resident protection will stop.
It seems that Spysweeper would be better protection.
See the tutorial here:
http://www.malekal.com/tutorial_SpySweeper.php
Thanks, Le Lyonnais,
You have already done a lot and I am infinitely grateful.
As far as I am concerned the PC is OK; I hardly use it. It is just that it contains old files that I may want to retrieve and that I wanted to save.
Besides, the page is long enough as it is ;-)
AVG seems to be free...
PS: If business or anything else ever brings you my way in the Nord, be sure to contact me beforehand at "keusty2005@AHOO.FR"
In the meantime, all the best to you...
Hello,
I am going to mark the post as resolved.
Avoid using the computer to access the Net. It is particularly vulnerable. The failure to update the OS, the browser and the Java console are all security holes exploited by malware, and they remain open.
AVG AS was downloaded during the disinfection. So it is the free version, and the resident protection will disappear after a few weeks (soon). You can replace it with Superantispyware or Spysweeper which, I believe, keep the resident guard even in the free version. Failing that, Spybot provides it. But only one antispyware with resident protection.
Happy surfing.